Command Injection Vulnerability in WAVLINK Routers
CVE-2022-35520
9.8CRITICAL
What is CVE-2022-35520?
WAVLINK routers, including models WN572HP3, WN533A8, WN530H4, WN535G3, and WN531P3, are susceptible to a command injection vulnerability due to a lack of input validation on a hidden parameter 'ufconf' in the api.cgi script. This vulnerability allows attackers to execute arbitrary commands on the device via the /ledonoff.shtml page, posing a significant risk to network security.